Polycom DOC2702A User Manual

Appendix F-Secure Communication Mode
Polycom, Inc.
4. Click the Send Certificate button to send the certificate to the MCU.
The MCU validates the certificate.
If the certificate is not valid, an error message is displayed.
If the certificate matches the private key, and the task is completed, a confirmation 
message indicating that the certificate was created successfully is displayed.
System Restart is not required at this point.
The certificate expiry date is checked daily. An active alarm is raised two weeks before 
the certificate is due to expire, stating the number of days to expiry.
If the certificate expires, the MCU continues to work in secure mode and an Active Alarm is raised with "Security mode failed – Certificate expired" in the description field.
Creating/Modifying System Flags
The following System Flags in system.cfg control secure communications.
RMX_MANAGEMENT_SECURITY_PROTOCOL
EXTERNAL_DB_PORT 
Appendix F, “System Flags”, below, lists both flags and their settings.
If the System Flag RMX_MANAGEMENT_SECURITY_PROTOCOL does not exist in the system, it must be created by using the RMX Setup menu.
For more information see “Modifying System Flags” on page
The MCU must be restarted for modified flag settings to take effect. 
Enabling Secure Communication Mode
After the SSL/TLS Certificate is installed, secure communications are enabled by modifying 
the properties of the Management Network in the Management Network properties dialog box.
When Secure Communications Mode is enabled:
Only https:// commands from the browser to the Control Unit IP Address of the MCU are accepted.
The MCU listens only on secured port 443.
All connection attempts on port 80 are rejected.
Certificates are deleted when an administrator performs a Restore Factory Defaults with the 
Comprehensive Restore option selected.
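
The secure-mode behaviour and the certificate expiry alarm described above can be checked from a client on the management network. The following Python check is an added example, not Polycom code: the probe() host argument and the sample observation are hypothetical, and the 14-day window is taken from the two-week alarm in the text.

```python
import socket
import ssl
from datetime import datetime, timezone

ALARM_WINDOW_DAYS = 14  # the manual's alarm is raised two weeks before expiry

def expiry_state(not_after, now):
    """Classify a notAfter string in getpeercert() format against `now` (UTC)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    days_left = (expires - now).days
    if expires <= now:
        return "expired", days_left
    if days_left <= ALARM_WINDOW_DAYS:
        return "expiring", days_left
    return "ok", days_left

def evaluate(obs, now):
    """Compare probe observations with the secure-mode behaviour the manual states."""
    findings = []
    if obs["port80_open"]:
        findings.append("port 80 accepted a connection")
    if obs["tls_error"]:
        findings.append("port 443 TLS handshake failed: " + obs["tls_error"])
    elif obs["not_after"]:
        state, days = expiry_state(obs["not_after"], now)
        if state != "ok":
            findings.append(f"certificate {state}, {days} days to expiry")
    return findings

def probe(host, timeout=5.0):
    """Collect observations from a management address (hypothetical host argument)."""
    obs = {"port80_open": False, "tls_error": None, "not_after": None}
    try:
        socket.create_connection((host, 80), timeout=timeout).close()
        obs["port80_open"] = True
    except OSError:
        pass  # refused or timed out: consistent with secure mode
    try:
        with socket.create_connection((host, 443), timeout=timeout) as raw:
            with ssl.create_default_context().wrap_socket(raw, server_hostname=host) as tls:
                obs["not_after"] = tls.getpeercert()["notAfter"]
    except OSError as exc:  # includes ssl.SSLError and certificate validation errors
        obs["tls_error"] = str(exc) or type(exc).__name__
    return obs

if __name__ == "__main__":
    # Constructed observation: port 80 still open, certificate 9 days from expiry.
    sample = {"port80_open": True, "tls_error": None, "not_after": "Mar 10 12:00:00 2025 GMT"}
    print(evaluate(sample, datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)))
```

A certificate that the client itself rejects, including an expired one, is reported as a handshake failure rather than through expiry_state(), because the default context validates the certificate before it can be read.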
Table F-3 System Flags

Flag: RMX_MANAGEMENT_SECURITY_PROTOCOL
Description: Enter the protocol to be used for secure communications.
Default: TLSV1_SSLV3 (both).
Default for U.S. Federal licenses: TLSV1.

Flag: EXTERNAL_DB_PORT
Description: The external database server port used by the MCU to send and receive XML requests/responses.
For secure communications set the value to 443.
Default: 5005.